New cybersecurity measures incoming for energy operators

WASHINGTON – The Department of Interior will issue cybersecurity regulations in the coming days for U.S. pipeline operators following a ransomware attack that directly led to fuel shortages across large swaths of the Eastern Seaboard.

Specific security measures were expected to be addressed this week by the Transportation Security Administration, which oversees the country’s network of pipelines.

According to reports, the directive will include a requirement that pipeline companies report cyber incidents to the federal government. The Department of Homeland Security has declined to disclose any details regarding the initiative but did release a statement.

“The Biden administration is taking further action to better secure our nation’s critical infrastructure,” a statement said.

Cybersecurity efforts that contain more involvement from government oversight are likely to draw some blowback among the private sector. The American Petroleum Institute, representing the oil and natural gas industry, announced in a statement that its members are working with the administration to develop policies and that any regulation should include “reciprocal information sharing and liability protections.”

There are currently more than 2.7 million miles of pipeline transporting oil, natural gas and other liquids throughout the United States. Members of Congress have recently raised cybersecurity concerns.

In recent weeks, Colonial Pipeline was targeted in a ransomware attack by foreign culprits that prompted the company to shut down its system delivering nearly 45 percent of the gasoline distributed for purchase on the East Coast. That halt brought shortages and price hikes from Washington, D.C. to the Gulf Coast.

The company later admitted it paid a $4.4-million ransom to retrieve its data from a gang of hackers. The Federal Bureau of Investigation linked the ransomware to a Russian-speaking criminal syndicate.